Get ready for wearables

By Kirk Norsworthy

Apr 01, 2015

Wearables are poised to seriously affect our day-to-day lives. In fact, reports indicate Apple intends to manufacture more than five million Apple Watches in its first run. Consumers generally set trends while businesses and government agencies follow on adoption, but the success of the Apple Watch and other wearables will affect how quickly these devices infiltrate agencies. Though we may be years away from significant adoption, it’s important for government agencies to begin incorporating wearables into their security planning now.

Wearables fall into two categories: specialized and general purpose devices. Specialized wearables have specific purposes, like the Fitbit, which measures steps and converts them to calories burned. Other specialized devices can monitor and administer insulin, or monitor a patient with a heart condition and call for medical support.

General purpose devices like the Apple Watch, on the other hand, provide a number of uses depending on the applications users download, similar to a smartphone or tablet today. With general devices users can, for example, instantly download a map to a nearby jogging trail using GPS coordinates as the basis for the request.

We are likely to see specialized devices incorporated into government agencies. For example, agencies may eventually provide employees with a device that can serve as both a timecard and an access key, which could help improve security and improve attendance tracking. Instead of taking the time to fill out a physical timecard, a signal within the device will alert the system when employees enter and exit the building. Once someone enters the building, the wearable could also track and monitor where that person is in the building – this is especially useful for monitoring or restricting access in secure buildings.

In many states today, child care programs give parents a time-and-attendance swipe card so they can check their children in and out of a sponsored child care provider. The data is gathered electronically and sent to the state where it is processed so that the child-care provider receives an electronic reimbursement months faster than the previously manual method and accuracy of attendance is guaranteed.

However, general wearables owned by individuals may be useful to agencies as well – for example, in emergency situations where timely communication with citizens is crucial. In the same way Weather.com pushes notifications to a users’ smartphones to let them know there is a tornado in the area, a general purpose wearable could also receive alerts. Likewise, an agency could notify employees about issues of concern or lockdown via wearables, then provide instructions and updates on the situation as well as directions to a rally point.

The key to success with smart wearables, both those provided by agencies and those purchased by employees, is to include them in infrastructure security planning as with any other device. Instead of fearing smart wearables, agencies should embrace them and work toward securing those devices as they have secured smartphones. To successfully manage wearables the agency’s security team needs to monitor the continuously changing network landscape and keep an eye out for device introductions.

Wearables need to be treated as an extension of the total security architecture and assessments that agencies do today. The same controls for computers need to be present and mandatory for access by smart wearables, including strong passwords and data encryption. The technical security needs to include consideration of the same basic concerns: perimeter network defense, vulnerability management and network monitoring. Finally, security success comes only through training and awareness coupled with active continuous monitoring.

With the expected rise of wearables in the consumer world, it’s only a matter of time before they infiltrate government. We can learn from the bring-your-own-device movement – employees will demand to use personal devices at work, and agencies will be asked to step up and ensure the security of any number of device types. In a similar vein, as more employees use wearable devices at work, more applications will arrive that enhance government functions, and agency IT departments will be challenged to make sure they completely secure and protect their sensitive data.